HHS Offers Funding to Improve Healthcare Threat Intelligence Sharing

Cybercriminals are conducting increasingly sophisticated attacks on healthcare organizations and the number of threats each organization has to deal with has increased significantly in recent years. Criminal attacks on healthcare organizations have increased by 125% in the past five years and cyber-attacks are now the biggest cause of healthcare data breaches. Healthcare organizations now face an uphill battle to keep health data private.

While large healthcare organizations can obtain timely threat intelligence, smaller organizations often lack the necessary resources to commit to cybersecurity defenses, let alone employ the staff to keep abreast of the latest threats.

Many healthcare organizations simply do not have access to up to date intelligence on the latest cybersecurity threats. It is therefore difficult for them to make informed decisions on the best steps to take to prepare for cyberattacks.

The Department of Health and Human Services is well aware of the problems some healthcare organizations experience when it comes to obtaining threat intelligence, and how critical it is to have better visibility into the latest threats. Armed with the knowledge of the latest threats to data security, smaller healthcare organizations can put limited funds to the best possible use.

As Karen DeSalvo – National Coordinator for Health Information Technology of the Office of the National Coordinator for Health Information Technology (ONC) – explained in a recent press release, “Establishing robust threat information sharing infrastructure and capability within the Healthcare and Public Health Sector is crucial to the privacy and security of health information, which is foundational to the digital health system.”

To improve information sharing, the ONC and Assistant Secretary for Preparedness and Response (ASPR) have committed to providing funds to improve healthcare threat intelligence sharing. Two grants totaling $250,000 have now been made available for an Information Sharing and Analysis Organization (ISAO) for the Healthcare and Public Health sector, with a commitment to provide up to $250,000 per year for the next five years.

According to DeSalvo, the aim is to develop a coordinated resource that will “focus on sharing the most up-to-date threat information across the health and public health sectors, and will better equip health systems to identify potential threats and further protect electronic health information.”

The ONC is looking for an existing sector-specific ISAO or Information Sharing and Analysis Center (ISAC) to use the funding to expand operations and bi-directionally exchange threat intelligence between the HHS and the Healthcare and Public Health sector.

The ONC and ASPR require the ISAO/ISAC to provide timely and up to date information on the latest cyber threats to the entire healthcare and public health sector and to expand outreach and education activities on cybersecurity. The aim is to make sure that timely threat intelligence is provided to all healthcare organizations – regardless of size – and to equip stakeholders to take action and respond to the latest threats.

Organizations can find out more about the available grants at www.grants.gov

About HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal's goal is to assist HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.